CVE-2025-68703: Jervis's Salt for PBKDF2 derived from password
(updated )
Pre-computation attacks.
Severity is considered low for internal uses of this library and high for consumers of this library.
References
- github.com/advisories/GHSA-36h5-vrq6-pp34
- github.com/samrocketman/jervis
- github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy
- github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy
- github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a
- github.com/samrocketman/jervis/security/advisories/GHSA-36h5-vrq6-pp34
- nvd.nist.gov/vuln/detail/CVE-2025-68703
Code Behaviors & Features
Detect and mitigate CVE-2025-68703 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →